Posts by DMR

To start with, for your partition setup, this:

multi(0)disk(1)rdisk(0)partition(2)\WINDOWS="Windows XP Professional" /fastdetect

should be this instead:

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Professional" /fastdetect

although that may not be all there is to it: When you installed XP on the second partition, it probably installed some critical boot files to the first partition. By installing ME on the first partition after XP was installed, you would have overwritten some of the XP boot files with ME's versions. This is why it's always recommended that you install the newest OS last; older OSes may not be natively aware of XP.

Has anything happened to the laptop recently which might account for the problem. Give us some details on the problem history.

The first thing to do would be to go into your BIOS setup and see if the devices are identified there. BIOS setup is accessed by pressing a certain key when the system first boots (before Windows starts); the most common access keys are F1, F2, Del, and Esc.

A simple Google search for "autoexec.nt" returns many possible explanations and fixes; see if one of them works for you:

http://www.google.com/search?hl=en&ie=UTF-8&q=autoexec.nt&btnG=Google+Search

That would depend on what type of installation you did when you put XP on the system. If you did an upgrade, you probably shouldn't mess with any of the old system files, but if you did a full install of XP and old files remained somehow, it would be safe to delete them.

Doing a reformat and full installation of XP is the recommended method, because errors/problems/inconsistencies that might have existed in your 98 setup could be "inherited" by XP if you only do an upgrade.

In terms of identifying running services, this site might give you a start:

http://www.blackviper.com/WIN2K/servicecfg.htm

You really should have installed ME first; the recommended order of installation in a multi-boot setup is oldest OS first.

If you post your boot.ini file here we might be able to suggest a fix.

I was afraid that would be the situation. Visio and Word are two pretty humungous applications; I'm not surprised that things bog down when you're manipulating a file made in one program through the other.

Let us know if your idea works, though.

and is a simple matter of reseting the CMOS

Yup, should be if it's only the BIOS password.

What kind of error messages do you get? When you say it can't boot, do you see anything?

Yes- your post gives us very little to go on; we need as much specific information concerning your problem if you want us to get to the root of the problem most quickly.

Hello,

I do not thin IPCHAINS is supported anymore under RH 9. I think you will need to learn how to use IPTABLES.

Yes- IPCHAINS was deprecated quite some time ago in favor of IPTABLES.

Hi fi216, welcome to TechTalk :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules

Thanks for understanding.

__________________

Get The latest Version of Hijackthis 1.98

Download 'Hijack This!'.HERE
Download link is on the left

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe ,

Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save

Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for

hijackthis,most of what it lists will be harmless or even essential,

don't fix anything yet.

Reboot and post a new log

Yes, but don't post the HijackThis log in this forum- all virus/spyware/adware/etc. - related posts need to go into our Security forum. If you find that "spyware" might be part of your problem, please start a new thread in Security.

Ip address .type winipconfg in start/run i think will work ,I haven't used win98 for a couple of yrs now .

"winipcfg" is the correct spelling, but yes- that will give you all of your IP configuration info.

In terms of your question about the port #, you would have to clarify that by giving us more specific information. Network applications and/or services all use different ports, but that info isn't anything you usually have to configure or worry about.

Are you speaking of a BIOS password perhaps? If so please click HERE. You will need to know what bios chip is on your motherboard. HTH

If it is a BIOS password that we're talking about, you might be able to reset the BIOS by: unplugging the laptop's power cord, removing the laptop's main battery, opening the lappy, and removing the CMOS battery on the motherboard. Leave the CMOS battery out of the system for a while (in some instance, up to 30 minutes), and then put it all back together.

If the Visio drawing only needs to appear in Word as a static picture, try using the "Save As..." in Visio to save the document/drawing as a JPEG. Then embed the converted JPEG file instead of the original Visio-format file.

hehe...

I don't claim to be an Intel Expert, but isn't Hyperthreading special because the chip has dual execution units, so there's two execution units feeding data to the core, thus making the system seem like a dual system?

In a nutshell, yes- you've got it Alex.

A Hyperthreaded CPU implements 2 logical "Architectural States" which share the same physical core; the OS will see/identify each logical portion as a separate processor. In fact, if you have an OS which supports two (or more) physical processors, and each of those processors were hyperthreading, the OS would report that you have 4 (or more) processors.

If that fixes it, then you've probably got spyware. I'd suggest following this action up by running Spybot and Adaware.

Even if that doesn't fix it, the symptoms you describe could certainly all be caused by malicious programs which have gotten on your system in the course of your Web surfing. I'd definitely recommend running the programs that alc6379 suggests. Both programs are free; you can download them from the links in my sig file.

** Note:
If you do find that "spyware" might be the root of your problems, please start a separate thread in our Security forum- that's where we concentrate on virus/spyware/etc. infections.

You're welcome- glad we could help. :)

Are you sure that did the trick? If so, we'll mark this thread as "solved"

Yeah, sorry about that- the french justlinux.org site isn't affiliated in any way with the justlinux.com site that I meant to refer to in my first post.

BTW- The site isn't "mine", but it hepled me more than any other site when I was first learing Linux, so once I didi learn the OS I decided to return the favor by volunteering my time there.

:)

Thanks for picking up on this one Chris. :)

- Dave

Ah, fnargle- My bad. The link is:

www.justlinux.com

sorry bout that.

Hey again,

Have a look through the threads in the Security forum (and the links in my sig file below as well) for info on downloading and using the "Spyware" detection and removal tools we recommend.

Your HJT log does indicate that you have a few "unwanted guests" on your system, but it's dinner time in my end of the world, so I'll leave the log analysis to crunchie; he should be online in a few hours.

OK- this is a bit of a (shameless) plug, but both Alex (acl6379) and I also moderate at a great Linux site: www.justlinux.org.

Visist us over there, register as a member, and we'll help you out with any and all of your questions.

Hi cannonfire- welcome to TechTalk :)

Your problem is most likely spyware related, but we deal with those issues in our Security forum, so I'm moving this thread there now so that our security experts can examine your HJT log.

Explorer should never fault on a temp file (that is, a file with a .TMP extention or a filename beginning with a "~"); it does not rely on temp files in normal operation.

The most likely cause for the error is the fact that your IE has been infected/altered by a malicious program. I'm moving this to our Security forum so that our "Spyware" experts can have a look at your problem.

n-case is definitely an "unwanted guest" that didn't get fully removed; did you make sure to install the latest virus/spyware definition updates for your utilities before you ran them?

Your computer is probably fine, even if it is a bit old. Given the existence of n-case and the rundll error, I'd say your problems are just the result of spyware, so I'm moving this to our Security forum. Have a read through the thread there for suggestions on removing persistent spyware elelments. If nothing seems to work, download HijackThis (the link to the download site is in my sig below), have it scan your system, and post the contents of the log file it generates.

Restore the previous backup point

Erm- no.

If the last restore point contained components of malware programs, going back to that point willl just bring that malware back in to your system.

You've been infected by the NewDotNet "spyware" program, which means that you probably have other unwanted guests in your system as well.

I'm moving this thread to our Security forum now; our security experts will help you out from there.

Have HJT fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5A86CD8E-5A67-49E3-87AB-78E82D4A8C8D} - C:\WINDOWS\System32\olkn.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25b8674...ip/RdxIE601.cab

The Temp\sp.html hijack can be persistent, check out the suggestions given in the following threads:

http://www.daniweb.com/techtalkforums/search.php?searchid=97885

After running the removal utilities:

- For every user account on your system: In C:\Documents and Settings\username\Local Settings you will find Cookie, History, Temp, and Temporary Internet Files folders. Delete the contents of all of those folders.

- In C:\Windows\Temp you'll also find another set of History and Temporary Internet Files folders. Delete the contents of C:\Windows\Temp.

- Empty the Recycle Bin.

- Reboot.

also, is this a bad file? RUNDLL32.EXE-451FC2C0.pf

Looks like it to me; it certainly isn't a normal Windows system file.

spybot continuoulsy finds DSOexploit, and i'll say fix and it'll fix it, but then i'll have it search again and it'll come up again. i've read that that this is just a bug in spybot, it that right?

It is a known bug; you can ignore it.

Unfortunately, the shutdowns could be caused by a number things. It could be a software problem, but faulty hardware such as a bad stick of RAM, a weak power supply, or an overheating component can cause that behaviour also.

What make/model of sound card do you have? You might be able to download the software for it from the manufacturer's website.

Right-click on My Computer and in the menu that pops up go to Properties->Hardware->Device Manager. Do you see any red "X"s or yellow exclamation points next to any of your sound devices?

I don't appreciate you referring to me as stupid b/c we don't know it all.

That comment wasn't directed at you valerieg. It's just part of basementcoder's signature file; it will show up in every post he makes.

Can you clarify a couple of points please?

1.

I had many programs, etc. before, which I now can not access. They are still on my harddrive, however, but I can not open them.

When you say that you "reinstalled" XP, did you do a full reinstall? If so, your previous user info, system settings, registry entries, etc. will have been overwritten. In other words, even though all of your old data files and programs are still on the drive, none of that info is registered with the new installation of Windows. Your settings for the old user account have most likely been erased, and you'll have to reinstall all of your programs in order for them to work.

2.

I noticed all my user settings, including programs and favorite internet websites I had saved...

Where exactly did you save that information? If you copied the entire subdirectory tree under C:\Documents and Settings\Your Old Username to a safe location, you can just move it into the C:\Documents and Settings\Your New Username folder. This will replace the default My Documents, Favorites, Start menu, History, etc. folders in the new account with your old, saved information. Note that many of the old shortcuts in those menus won't work though, …

In order for us to help you need to tell us the exact error message

Giving us the information I asked for above would really help us- rundll32 handles a number of functions in Windows, so knowing the exact text of the error message will help us narrow down the possibilities.

<edit>
Hmm, looks like this is post # 1,000 for me- I really do need to get a life, don't I?
</edit>

:mrgreen:

okay, it's a thing called RAID administrator!

Woops, my bad.

I assumed that the "adapter" the message was referring to was your network adapter, because most normal home-use systems don't have use RAID. In your boyfriend's case, it sounds like he doesn't really have a RAID controller (the "adapter" in this case, from the sounds of it) installed/enabled either, but somehow the RAID administration software got enabled. Upon not finding any RAID devices to administer, the RAID software barfed up the "no adapter" message.

If your boyfriend truly doesn't have a RAID setup, you should be able to just leave the administration program disabled and everything will be OK.

Actually, there are more forms of RAID than that

Quite a few, as a matter of fact:

http://www.acnc.com/04_01_00.html

But I found XoftSpy via a link from this site so that gave me the little extra nudge of encouragement...

If you're talking about that recent post (I can't remember which one) where a user said XoftSpy fixed things that Ad aware, SpyBot, etc. couldn't- beware. We don't verify, audit, or edit user comments on a particular program; just because "someone" said it works, don't bite that worm without checking it out yourself.

And yes, caperjack is right- the program is, at the very least, known to give false-positives to entice you to buy the full version.

D-oh! Glad it was that simple.

( Now go and give yourself 10 lashes with a wet trout... [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/fishwhack.gif[/img] )

:mrgreen:

It could be a number of things- have a read through past threads on the topic to see if any of the fixes/suggestions relate to your specific issue:

http://www.daniweb.com/techtalkforums/search.php?searchid=96170

A google search didn't turn up anything...

Try it without the .ini extension and you'll get exactly 1 return- and guess what? Surprise- it's spyware-related!

alc6379 is right- .ini files are simple text files (or should be); open the file in Notepad and have a look at it. If you have questions, post the contents of the file here.

I'd also suggest that you take a look at many of the threads in our Security forum to find out how to detect and remove Spyware, Adware, Trojans, and the like- if you've got one malicious program on your system, you definitely have others... :(

1. Quit any web browser program if open and then have HJT fix all of the entries ending in: (no file).

2. You can also kill this one:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

3. Are you behind a proxy? If not, fix these as well:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.242.16.8:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.*.*;<local>

4. For every user account in C:\Documents and Settings, delete the contents of the following folders:

- Cookies
- Local Settings\Temp
- Local Settings\History
- Local Settings\Temporary Internet Files

5. Empty your Recycle Bin

6. Reboot

The site is sometimes unreachable or very bogged down; try these links instead:

http://hjt.wizardsofwebsites.com/
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
http://www.help2go.com/article153.html

So, Ogre- who weedled in your Corn Flakes this morning? [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/eek3.gif[/img]

Look under the "View" option in your main menu bar and make sure the "Status Bar" selection is checked.

I have completely formatted the C drive and now can no longer boot into XP successfully.

That's because XP, even though actually installed on E:, wrote boot information to the root directory of your C: drive. Now that you've formatted C:, that information no longer exists.

As Catweazle said, boot into the rescue console from the XP cd. Once at the rescue console's command prompt, issue the following command:

FIXBOOT C:

That should write/restore the appropriate boot info.

mandy101w,

Please note the Announcement header in this forum:

"Announcement: Post all HijackThis logs in the security forum"

I'll move this to Security now.

I'll move this topic to that section for you, to save you the trouble of posting it again.

And you would be moving this when, Terry? :mrgreen:

- Thread moving now...

The fact that your friend can ping you but you can't ping him might mean that your friend's computer has some sort of firewalling software running. If so, have your friend disable the firewall and see if you can then access his system. Also compare your friend's overall security settings with those on your machine; his security levels might be set higher/tighter than yours.

Hey cj- glad you got it going. Don't forget to send them the bill. :mrgreen:

You're welcome.

I haven't used Mandrake in a while, so I can't tell you exactly how you get into rescue mode once you've booted from the CD, but I know the option is there somewhere. Once you do get into rescue mode and get to a command prompt, typing the following command will exxentially switch you from running of the CD to running off the system on your hard drive:

chroot /mnt/sysimage

From there you should at least be able to browse to the direftory where your grub config file lives and view/edit the file.

Keep us posted.

Well now there's a twist we weren't expecting :mrgreen:

Great. Thanks for the follow-up :)